Security & Data Philosophy

We are not a system of record. Your product data is processed and discarded—never stored.


We Don't Store Your Data

When you send a product description to our API, we classify it, return the result, and discard the input. We can't replay your requests because we don't have them. Only usage metrics (for billing) and API logs (for debugging) are retained.

Enterprise Infrastructure

Hosting

Vercel

  • SOC 2 Type II
  • ISO 27001
  • DDoS protection

Database

Supabase (AWS)

  • SOC 2 Type II
  • Encrypted at rest
  • US-East region

AI Processing

Anthropic Claude

  • SOC 2 Type II
  • No training on data
  • US-based

Compliance

GDPR (Compliant)

No EU personal data processed. API handles product/tariff data only.

CCPA (Compliant)

We do not sell personal information. Data export/deletion on request.

SOC 2 (In Progress)

Certification planned for 2026. Current controls align with Type I.

Security Inquiries

For security reviews, DPA requests, or vulnerability reports:

Stateless API. No data retention. Fast security reviews.